wolfSSL support added

This commit is contained in:
Vladimir Dubrovin 2026-07-13 20:24:51 +03:00
parent 3a66c0a4c0
commit f173f8860d
24 changed files with 499 additions and 207 deletions

View File

@ -28,7 +28,7 @@ jobs:
echo "VERSION=/D `"VERSION=\`"3proxy-$RELEASE\`"`"" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
echo "BUILDDATE=/D `"BUILDDATE=\`"$NOW\`"`"" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
- name: install packages
run: vcpkg install pcre2:x86-windows-static openssl:x86-windows-static
run: vcpkg install pcre2:x86-windows-static wolfssl[opensslcompat]:x86-windows-static
- name: Add msbuild to PATH
uses: microsoft/setup-msbuild@v3
- name: make Windows MSVC
@ -41,7 +41,7 @@ jobs:
set "LIB=%LIB%;c:/vcpkg/installed/x86-windows-static/lib"
set "INCLUDE=%INCLUDE%;c:/vcpkg/installed/x86-windows-static/include"
echo "volatile char VerSion[]=^"3APA3A-3proxy-Internal-Build: 3proxy-%RELEASE%-%NOW%\r\nCode certificate: https://3proxy.org/3proxy.cer\r\n^";" >>src/3proxy.c
nmake /F Makefile.msvc
nmake /F Makefile.msvc WOLFSSL=1
- name: Decode Certificate
shell: pwsh
run: |

View File

@ -29,7 +29,7 @@ jobs:
echo "VERSION=/D `"VERSION=\`"3proxy-$RELEASE\`"`"" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
echo "BUILDDATE=/D `"BUILDDATE=\`"$NOW\`"`"" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
- name: install packages
run: vcpkg install pcre2:x64-windows-static openssl:x64-windows-static
run: vcpkg install pcre2:x64-windows-static wolfssl[opensslcompat]:x64-windows-static
- name: Add msbuild to PATH
uses: microsoft/setup-msbuild@v3
- name: make Windows MSVC
@ -42,7 +42,7 @@ jobs:
set "INCLUDE=%INCLUDE%;c:/vcpkg/installed/x64-windows-static/include"
echo "volatile char VerSion[]=^"3APA3A-3proxy-Internal-Build: 3proxy-%RELEASE%-%NOW%\r\nCode certificate: https://3proxy.org/3proxy.cer\r\n^";" >>src/3proxy.c
echo %NOW% / %RELEASE% / %BUILDDATE% / %VERSION%
nmake /F Makefile.msvc
nmake /F Makefile.msvc WOLFSSL=1
- name: Decode Certificate
shell: pwsh
run: |

View File

@ -28,7 +28,7 @@ jobs:
echo "VERSION=/D `"VERSION=\`"3proxy-$RELEASE\`"`"" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
echo "BUILDDATE=/D `"BUILDDATE=\`"$NOW\`"`"" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
- name: install packages
run: vcpkg install pcre2:arm64-windows-static openssl:arm64-windows-static
run: vcpkg install pcre2:arm64-windows-static wolfssl[opensslcompat]:arm64-windows-static
- name: Add msbuild to PATH
uses: microsoft/setup-msbuild@v3
- name: make Windows MSVC
@ -41,7 +41,7 @@ jobs:
set "LIB=%LIB%;c:/vcpkg/installed/arm64-windows-static/lib"
set "INCLUDE=%INCLUDE%;c:/vcpkg/installed/arm64-windows-static/include"
echo "volatile char VerSion[]=^"3APA3A-3proxy-Internal-Build: 3proxy-%RELEASE%-%NOW%\r\nCode certificate: https://3proxy.org/3proxy.cer\r\n^";" >>src/3proxy.c
nmake /F Makefile.msvc
nmake /F Makefile.msvc WOLFSSL=1
- name: Decode Certificate
shell: pwsh
run: |

View File

@ -21,7 +21,7 @@ jobs:
steps:
- uses: actions/checkout@v7
- name: install Windows libraries
run: vcpkg install pcre2:x64-windows && c:\msys64\usr\bin\pacman.exe -S --noconfirm mingw-w64-x86_64-pcre2 mingw-w64-x86_64-openssl
run: vcpkg install pcre2:x64-windows wolfssl[opensslcompat]:x64-windows-static && c:\msys64\usr\bin\pacman.exe -S --noconfirm mingw-w64-x86_64-pcre2 mingw-w64-x86_64-wolfssl
- name: make Windows
run: make -f Makefile.win
env:
@ -37,7 +37,7 @@ jobs:
call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
D:
cd "D:/a/3proxy/3proxy"
set "LIB=%LIB%;c:/program files/openssl/lib/VC/x64/MT;c:/vcpkg/installed/x64-windows/lib"
set "INCLUDE=%INCLUDE%;c:/program files/openssl/include;c:/vcpkg/installed/x64-windows/include"
nmake /F Makefile.msvc
set "LIB=%LIB%;c:/vcpkg/installed/x64-windows-static/lib;c:/vcpkg/installed/x64-windows/lib"
set "INCLUDE=%INCLUDE%;c:/vcpkg/installed/x64-windows-static/include;c:/vcpkg/installed/x64-windows/include"
nmake /F Makefile.msvc WOLFSSL=1
nmake /F Makefile.msvc clean

View File

@ -57,3 +57,18 @@ jobs:
cmake --build .
cd ..
rmdir /s /q build
wolfssl:
name: "ubuntu-latest (wolfSSL)"
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v7
- name: Install wolfSSL
run: sudo apt install -y libwolfssl-dev
- name: make with CMake (wolfSSL preferred)
run: |
mkdir build
cd build
cmake ..
cmake --build .
cd .. && rm -rf build/

View File

@ -46,7 +46,8 @@ endif()
# Options
option(3PROXY_BUILD_SHARED "Build shared libraries for plugins" ON)
option(3PROXY_USE_OPENSSL "Enable TLS/SSL support (requires OpenSSL)" ON)
option(3PROXY_USE_WOLFSSL "Enable TLS/SSL support via wolfSSL (preferred when detected)" ON)
option(3PROXY_USE_OPENSSL "Enable TLS/SSL support via OpenSSL (fallback when wolfSSL unavailable)" ON)
option(3PROXY_USE_PCRE2 "Enable PCRE2 regex filtering" ON)
option(3PROXY_USE_PAM "Enable PAM/PamAuth" ON)
option(3PROXY_USE_ODBC "Enable ODBC support (Unix only, always ON on Windows)" OFF)
@ -253,17 +254,38 @@ endif()
# Find dependencies
# OpenSSL
# TLS/SSL backend: prefer wolfSSL when detected, fall back to OpenSSL.
set(3PROXY_SSL_ENABLED FALSE)
set(3PROXY_SSL_WOLFSSL FALSE)
set(OPENSSL_FOUND FALSE)
if(3PROXY_USE_OPENSSL)
set(WOLFSSL_FOUND FALSE)
if(3PROXY_USE_WOLFSSL)
find_path(WOLFSSL_INCLUDE_DIR NAMES wolfssl/options.h wolfssl/ssl.h)
find_library(WOLFSSL_LIBRARIES NAMES wolfssl)
if(WOLFSSL_INCLUDE_DIR AND WOLFSSL_LIBRARIES)
set(WOLFSSL_FOUND TRUE)
set(3PROXY_SSL_ENABLED TRUE)
set(3PROXY_SSL_WOLFSSL TRUE)
add_compile_definitions(WITH_SSL WITH_WOLFSSL)
message(STATUS "wolfSSL found: ${WOLFSSL_LIBRARIES} (preferred backend)")
else()
message(STATUS "wolfSSL not found, falling back to OpenSSL if enabled")
endif()
endif()
if(NOT 3PROXY_SSL_ENABLED AND 3PROXY_USE_OPENSSL)
find_package(OpenSSL REQUIRED)
if(OpenSSL_FOUND)
set(OPENSSL_FOUND TRUE)
set(3PROXY_SSL_ENABLED TRUE)
add_compile_definitions(WITH_SSL)
message(STATUS "OpenSSL found: ${OPENSSL_VERSION}")
endif()
else()
message(STATUS "OpenSSL disabled by user request")
elseif(NOT 3PROXY_SSL_ENABLED)
message(STATUS "SSL disabled (neither wolfSSL nor OpenSSL enabled/found)")
elseif(3PROXY_SSL_WOLFSSL)
message(STATUS "OpenSSL skipped (wolfSSL in use)")
endif()
# PCRE2
@ -305,8 +327,9 @@ if(ODBC_FOUND)
add_compile_definitions(WITH_ODBC)
endif()
# Set NORADIUS if OpenSSL is not available (RADIUS requires MD5 from OpenSSL)
if(NOT OPENSSL_FOUND)
# Set NORADIUS if no SSL backend is available (RADIUS MD5 uses bundled md5, but
# keep the historical gate tied to SSL availability).
if(NOT 3PROXY_SSL_ENABLED)
add_compile_definitions(NORADIUS)
endif()
@ -328,10 +351,15 @@ set(3PROXY_CORE_SOURCES
src/stringtable.c
)
# BLAKE2 source for 3proxy_crypt
# BLAKE2 source for 3proxy_crypt (bundled reference impl; wolfSSL provides
# BLAKE2b natively via wc_Blake2b* when WITH_WOLFSSL is enabled)
if(3PROXY_SSL_WOLFSSL)
set(MD_SOURCES)
else()
set(MD_SOURCES
src/libs/blake2b-ref.c
)
endif()
# ============================================================================
# Object libraries for common sources (shared between executables)
@ -350,13 +378,19 @@ target_include_directories(common_obj PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/src)
add_library(base64_obj OBJECT src/base64.c)
target_include_directories(base64_obj PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/src)
# mdhash object library (MD4/MD5: CAPI on Windows, bundled Solar Designer MD4/MD5 elsewhere)
# mdhash object library (MD4/MD5: CAPI on Windows, bundled Solar Designer MD4/MD5 elsewhere,
# wolfSSL when WITH_WOLFSSL is enabled)
if(WIN32)
add_library(mdhash_obj OBJECT src/mdhash.c)
elseif(3PROXY_SSL_WOLFSSL)
add_library(mdhash_obj OBJECT src/mdhash.c)
else()
add_library(mdhash_obj OBJECT src/mdhash.c src/libs/md4.c src/libs/md5.c)
endif()
target_include_directories(mdhash_obj PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/src)
if(3PROXY_SSL_WOLFSSL)
target_include_directories(mdhash_obj PRIVATE ${WOLFSSL_INCLUDE_DIR})
endif()
# ============================================================================
# Object libraries for 3proxy (compiled WITHOUT WITHMAIN)
@ -402,9 +436,13 @@ target_include_directories(ftp_obj PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/src)
# 3proxy_crypt object for 3proxy (without WITHMAIN)
add_library(3proxy_crypt_obj OBJECT src/3proxy_crypt.c)
target_include_directories(3proxy_crypt_obj PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/src)
if(OpenSSL_FOUND)
if(3PROXY_SSL_ENABLED)
if(3PROXY_SSL_WOLFSSL)
target_include_directories(3proxy_crypt_obj PRIVATE ${WOLFSSL_INCLUDE_DIR})
else()
target_include_directories(3proxy_crypt_obj PRIVATE ${OPENSSL_INCLUDE_DIR})
endif()
endif()
# ============================================================================
# Main 3proxy executable
@ -425,7 +463,7 @@ add_executable(3proxy
)
target_sources(3proxy PRIVATE ${MD_SOURCES})
if(OpenSSL_FOUND)
if(3PROXY_SSL_ENABLED)
target_sources(3proxy PRIVATE src/ssllib.c src/ssl.c)
endif()
@ -437,9 +475,13 @@ target_include_directories(3proxy PRIVATE
${CMAKE_CURRENT_SOURCE_DIR}/src
${CMAKE_CURRENT_SOURCE_DIR}/src/libs
)
if(OpenSSL_FOUND)
if(3PROXY_SSL_ENABLED)
if(3PROXY_SSL_WOLFSSL)
target_include_directories(3proxy PRIVATE ${WOLFSSL_INCLUDE_DIR})
else()
target_include_directories(3proxy PRIVATE ${OPENSSL_INCLUDE_DIR})
endif()
endif()
if(PCRE2_FOUND)
target_include_directories(3proxy PRIVATE ${PCRE2_INCLUDE_DIRS})
endif()
@ -454,10 +496,16 @@ if(ODBC_FOUND)
endif()
endif()
# OpenSSL linking
if(OpenSSL_FOUND)
# SSL linking
if(3PROXY_SSL_ENABLED)
if(3PROXY_SSL_WOLFSSL)
if(3PROXY_STATIC_LINK)
# Will be linked statically below (if static libraries are found)
# Will be linked statically below (if static library is found)
else()
target_link_libraries(3proxy PRIVATE ${WOLFSSL_LIBRARIES})
endif()
elseif(3PROXY_STATIC_LINK)
# OpenSSL static linking handled below
else()
target_link_libraries(3proxy PRIVATE OpenSSL::SSL OpenSSL::Crypto)
endif()
@ -474,14 +522,19 @@ if(PCRE2_FOUND)
endif()
endif()
# Static linking of OpenSSL and PCRE2 (when option is enabled)
if(3PROXY_STATIC_LINK AND (OpenSSL_FOUND OR PCRE2_FOUND))
# Static linking of SSL backend and PCRE2 (when option is enabled)
if(3PROXY_STATIC_LINK AND ((3PROXY_SSL_ENABLED AND NOT 3PROXY_SSL_WOLFSSL) OR (3PROXY_SSL_WOLFSSL) OR PCRE2_FOUND))
set(_saved_cmake_find_library_suffixes ${CMAKE_FIND_LIBRARY_SUFFIXES})
set(CMAKE_FIND_LIBRARY_SUFFIXES ".a")
set(_static_libs "")
if(OpenSSL_FOUND)
if(3PROXY_SSL_WOLFSSL)
find_library(_wolfssl_static_lib NAMES wolfssl)
if(_wolfssl_static_lib)
list(APPEND _static_libs ${_wolfssl_static_lib})
endif()
elseif(OpenSSL_FOUND)
find_library(_ssl_static_lib ssl)
find_library(_crypto_static_lib crypto)
if(_ssl_static_lib AND _crypto_static_lib)
@ -500,10 +553,12 @@ if(3PROXY_STATIC_LINK AND (OpenSSL_FOUND OR PCRE2_FOUND))
if(_static_libs)
target_link_libraries(3proxy PRIVATE -Wl,-Bstatic ${_static_libs} -Wl,-Bdynamic)
message(STATUS "Static linking enabled for OpenSSL/PCRE2")
message(STATUS "Static linking enabled for SSL backend/PCRE2")
else()
message(WARNING "3PROXY_STATIC_LINK is ON but static libraries not found, falling back to dynamic")
if(OpenSSL_FOUND)
if(3PROXY_SSL_WOLFSSL)
target_link_libraries(3proxy PRIVATE ${WOLFSSL_LIBRARIES})
elseif(OpenSSL_FOUND)
target_link_libraries(3proxy PRIVATE OpenSSL::SSL OpenSSL::Crypto)
endif()
if(PCRE2_FOUND)
@ -537,11 +592,32 @@ target_include_directories(3proxy_crypt PRIVATE
${CMAKE_CURRENT_SOURCE_DIR}/src
${CMAKE_CURRENT_SOURCE_DIR}/src/libs
)
if(OpenSSL_FOUND)
if(3PROXY_SSL_ENABLED)
if(3PROXY_SSL_WOLFSSL)
target_include_directories(3proxy_crypt PRIVATE ${WOLFSSL_INCLUDE_DIR})
else()
target_include_directories(3proxy_crypt PRIVATE ${OPENSSL_INCLUDE_DIR})
endif()
endif()
target_link_libraries(3proxy_crypt PRIVATE Threads::Threads)
if(OpenSSL_FOUND)
if(3PROXY_SSL_ENABLED)
if(3PROXY_SSL_WOLFSSL)
if(3PROXY_STATIC_LINK)
set(_saved_cmake_find_library_suffixes ${CMAKE_FIND_LIBRARY_SUFFIXES})
set(CMAKE_FIND_LIBRARY_SUFFIXES ".a")
find_library(_wolfssl_static_lib_c NAMES wolfssl)
set(CMAKE_FIND_LIBRARY_SUFFIXES ${_saved_cmake_find_library_suffixes})
if(_wolfssl_static_lib_c)
target_link_libraries(3proxy_crypt PRIVATE -Wl,-Bstatic ${_wolfssl_static_lib_c} -Wl,-Bdynamic)
message(STATUS "3proxy_crypt: static wolfSSL")
else()
message(WARNING "3PROXY_STATIC_LINK is ON but static wolfSSL not found, using dynamic")
target_link_libraries(3proxy_crypt PRIVATE ${WOLFSSL_LIBRARIES})
endif()
else()
target_link_libraries(3proxy_crypt PRIVATE ${WOLFSSL_LIBRARIES})
endif()
else()
if(3PROXY_STATIC_LINK)
set(_saved_cmake_find_library_suffixes ${CMAKE_FIND_LIBRARY_SUFFIXES})
set(CMAKE_FIND_LIBRARY_SUFFIXES ".a")
@ -559,6 +635,7 @@ if(OpenSSL_FOUND)
target_link_libraries(3proxy_crypt PRIVATE OpenSSL::SSL OpenSSL::Crypto)
endif()
endif()
endif()
if("${3PROXY_BINARY_PREFIX}" STREQUAL "")
set_target_properties(3proxy_crypt PROPERTIES OUTPUT_NAME "mycrypt")
else()
@ -848,6 +925,7 @@ message(STATUS " Build type: ${CMAKE_BUILD_TYPE}")
message(STATUS "")
message(STATUS " Options:")
message(STATUS " BUILD_SHARED: ${3PROXY_BUILD_SHARED}")
message(STATUS " USE_WOLFSSL: ${3PROXY_USE_WOLFSSL}")
message(STATUS " USE_OPENSSL: ${3PROXY_USE_OPENSSL}")
message(STATUS " USE_PCRE2: ${3PROXY_USE_PCRE2}")
message(STATUS " USE_PAM: ${3PROXY_USE_PAM}")
@ -865,6 +943,7 @@ if(WIN32)
endif()
message(STATUS "")
message(STATUS " Libraries found:")
message(STATUS " wolfSSL: ${WOLFSSL_FOUND}")
message(STATUS " OpenSSL: ${OPENSSL_FOUND}")
message(STATUS " PCRE2: ${PCRE2_FOUND}")
message(STATUS " PAM: ${PAM_FOUND}")

View File

@ -47,6 +47,13 @@ ifeq ($(LIBSTATIC), true)
STATIC_SUFFIX = -Wl,-Bdynamic
ZLIB = -lz -lzstd
endif
WOLFSSL_CHECK ?= $(shell echo "\#include <wolfssl/options.h>\\n\#include <wolfssl/openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testwssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -otestwssl testwssl.o $(STATIC_PREFIX) -lwolfssl $(STATIC_SUFFIX) 2>/dev/null && rm testwssl testwssl.o && echo true||echo false)
ifeq ($(WOLFSSL_CHECK), true)
LIBS += $(STATIC_PREFIX) -lwolfssl $(STATIC_SUFFIX)
CFLAGS += -DWITH_SSL -DWITH_WOLFSSL
SSL_OBJS = ssllib$(OBJSUFFICS) ssl$(OBJSUFFICS)
ZLIB :=
else
OPENSSL_CHECK ?= $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -otestssl testssl.o $(STATIC_PREFIX) $(ZLIB) -lcrypto -lssl $(STATIC_SUFFIX) 2>/dev/null && rm testssl testssl.o && echo true||echo false)
ifeq ($(OPENSSL_CHECK), true)
LIBS += $(STATIC_PREFIX) $(ZLIB) -l crypto -l ssl $(STATIC_SUFFIX)
@ -55,6 +62,7 @@ ifeq ($(OPENSSL_CHECK), true)
else
ZLIB :=
endif
endif
PCRE_CHECK ?= $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include <pcre2.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testpcre.o - 2>/dev/null && $(CC) -o testpcre testpcre.o $(LDFLAGS) -lpcre2-8 2>/dev/null && rm testpcre testpcre.o && echo true||echo false)
ifeq ($(PCRE_CHECK), true)
CFLAGS += -DWITH_PCRE
@ -66,7 +74,11 @@ ifeq ($(PAM_CHECK), true)
PLUGINS += PamAuth
endif
BUNDLED_HASH_OBJS = md4$(OBJSUFFICS) md5$(OBJSUFFICS)
ifeq ($(WOLFSSL_CHECK), true)
BUNDLED_HASH_OBJS =
else
BUNDLED_HASH_OBJS = md4$(OBJSUFFICS) md5$(OBJSUFFICS) blake2$(OBJSUFFICS)
endif
include Makefile.inc
DESTDIR ?=

View File

@ -51,6 +51,13 @@ ifeq ($(LIBSTATIC), true)
ZLIB = -lz -lzstd
endif
WOLFSSL_CHECK ?= $(shell echo "\#include <wolfssl/options.h>\\n\#include <wolfssl/openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testwssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -otestwssl testwssl.o $(STATIC_PREFIX) -lwolfssl $(STATIC_SUFFIX) 2>/dev/null && rm testwssl testwssl.o && echo true||echo false)
ifeq ($(WOLFSSL_CHECK), true)
LIBS += $(STATIC_PREFIX) -lwolfssl $(STATIC_SUFFIX)
CFLAGS += -DWITH_SSL -DWITH_WOLFSSL
SSL_OBJS = ssllib$(OBJSUFFICS) ssl$(OBJSUFFICS)
ZLIB :=
else
OPENSSL_CHECK ?= $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -otestssl testssl.o $(STATIC_PREFIX) $(ZLIB) -lcrypto -lssl $(STATIC_SUFFIX) 2>/dev/null && rm testssl testssl.o && echo true||echo false)
ifeq ($(OPENSSL_CHECK), true)
LIBS += $(STATIC_PREFIX) $(ZLIB) -lcrypto -lssl $(STATIC_SUFFIX)
@ -59,6 +66,7 @@ ifeq ($(OPENSSL_CHECK), true)
else
ZLIB :=
endif
endif
PCRE_CHECK ?= $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include <pcre2.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testpcre.o - 2>/dev/null && $(CC) -o testpcre testpcre.o $(LDFLAGS) $(STATIC_PREFIX) -lpcre2-8 $(STATIC_SUFFIX) 2>/dev/null && rm testpcre testpcre.o && echo true||echo false)
ifeq ($(PCRE_CHECK), true)
CFLAGS += -DWITH_PCRE
@ -69,7 +77,11 @@ PAM_CHECK ?= $(shell echo "\#include <security/pam_appl.h>\\n int main(){return
ifeq ($(PAM_CHECK), true)
PLUGINS += PamAuth
endif
BUNDLED_HASH_OBJS = md4$(OBJSUFFICS) md5$(OBJSUFFICS)
ifeq ($(WOLFSSL_CHECK), true)
BUNDLED_HASH_OBJS =
else
BUNDLED_HASH_OBJS = md4$(OBJSUFFICS) md5$(OBJSUFFICS) blake2$(OBJSUFFICS)
endif
include Makefile.inc
allplugins:

View File

@ -31,12 +31,19 @@ COMPATLIBS =
MAKEFILE = Makefile.Solaris
PLUGINS = StringsPlugin TrafficPlugin TransparentPlugin FilePlugin
WOLFSSL_CHECK = $(shell echo "\#include <wolfssl/options.h>\\n\#include <wolfssl/openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testwssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -o testwssl testwssl.o -lwolfssl 2>/dev/null && rm testwssl testwssl.o && echo true||echo false)
ifeq ($(WOLFSSL_CHECK), true)
LIBS += -lwolfssl
CFLAGS += -DWITH_SSL -DWITH_WOLFSSL
SSL_OBJS = ssllib$(OBJSUFFICS) ssl$(OBJSUFFICS)
else
OPENSSL_CHECK = $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -o testssl testssl.o -lcrypto -lssl 2>/dev/null && rm testssl testssl.o && echo true||echo false)
ifeq ($(OPENSSL_CHECK), true)
LIBS += -l crypto -l ssl
CFLAGS += -DWITH_SSL
SSL_OBJS = ssllib$(OBJSUFFICS) ssl$(OBJSUFFICS)
endif
endif
PCRE_CHECK = $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include <pcre2.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testpcre.o - 2>/dev/null && $(CC) -o testpcre testpcre.o $(LDFLAGS) -Wl,-Bstatic -lpcre2-8 -Wl,-Bdynamic 2>/dev/null && rm testpcre testpcre.o && echo true||echo false)
ifeq ($(PCRE_CHECK), true)
CFLAGS += -DWITH_PCRE
@ -44,7 +51,11 @@ ifeq ($(PCRE_CHECK), true)
PCRE_LIBS = -Wl,-Bstatic -lpcre2-8 -Wl,-Bdynamic
endif
BUNDLED_HASH_OBJS = md4$(OBJSUFFICS) md5$(OBJSUFFICS)
ifeq ($(WOLFSSL_CHECK), true)
BUNDLED_HASH_OBJS =
else
BUNDLED_HASH_OBJS = md4$(OBJSUFFICS) md5$(OBJSUFFICS) blake2$(OBJSUFFICS)
endif
include Makefile.inc
allplugins:

View File

@ -11,13 +11,22 @@ CRYPT_PREFIX = 3proxy_
CC = cl
VERSION = $(VERSION)
BUILDDATE = $(BUILDDATE)
CFLAGS = /nologo /MT /W3 /Ox /GS /EHs- /GA /GF /D "MSVC" /D "WITH_WSAPOLL" /D "NDEBUG" /D "WIN32" /D "WITH_SSL" /D "WITH_PCRE" /D "WITH_ODBC" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /Fp"proxy.pch" /FD /c $(BUILDDATE) $(VERSION)
!IFDEF WOLFSSL
SSL_DEFS = /D "WITH_SSL" /D "WITH_WOLFSSL"
SSL_LIBS = wolfssl.lib
BUNDLED_HASH_OBJS =
!ELSE
SSL_DEFS = /D "WITH_SSL"
SSL_LIBS = libcrypto.lib libssl.lib
BUNDLED_HASH_OBJS = blake2$(OBJSUFFICS)
!ENDIF
CFLAGS = /nologo /MT /W3 /Ox /GS /EHs- /GA /GF /D "MSVC" /D "WITH_WSAPOLL" /D "NDEBUG" /D "WIN32" $(SSL_DEFS) /D "WITH_PCRE" /D "WITH_ODBC" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /Fp"proxy.pch" /FD /c $(BUILDDATE) $(VERSION)
COUT = /Fo
LN = link
LDFLAGS = /nologo /subsystem:console /incremental:no
DLFLAGS = /DLL
DLSUFFICS = .dll
LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib Crypt32.lib libcrypto.lib libssl.lib pcre2-8.lib
LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib Crypt32.lib $(SSL_LIBS) pcre2-8.lib
LIBSPREFIX =
LIBSSUFFIX = .lib
LIBEXT = .lib

View File

@ -49,6 +49,13 @@ ifeq ($(LIBSTATIC), true)
STATIC_SUFFIX = -Wl,-Bdynamic
ZLIB = -lz -lzstd
endif
WOLFSSL_CHECK ?= $(shell echo "\#include <wolfssl/options.h>\\n\#include <wolfssl/openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testwssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -otestwssl testwssl.o $(STATIC_PREFIX) -lwolfssl $(STATIC_SUFFIX) 2>/dev/null && rm testwssl testwssl.o && echo true||echo false)
ifeq ($(WOLFSSL_CHECK), true)
LIBS += $(STATIC_PREFIX) -lwolfssl $(STATIC_SUFFIX)
CFLAGS += -DWITH_SSL -DWITH_WOLFSSL
SSL_OBJS = ssllib$(OBJSUFFICS) ssl$(OBJSUFFICS)
ZLIB :=
else
OPENSSL_CHECK ?= $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testssl.o - 2>/dev/null && $(CC) $(LDFLAGS) -otestssl testssl.o $(STATIC_PREFIX) $(ZLIB) -lcrypto -lssl $(STATIC_SUFFIX) 2>/dev/null && rm testssl testssl.o && echo true||echo false)
ifeq ($(OPENSSL_CHECK), true)
LIBS += $(STATIC_PREFIX) $(ZLIB) -lcrypto -lssl $(STATIC_SUFFIX)
@ -57,6 +64,7 @@ ifeq ($(OPENSSL_CHECK), true)
else
ZLIB :=
endif
endif
PCRE_CHECK ?= $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include <pcre2.h>\\n int main(){return 0;}" | tr -d \\\\ | $(CC) -x c $(CFLAGS) -o testpcre.o - 2>/dev/null && $(CC) -o testpcre testpcre.o $(LDFLAGS) $(STATIC_PREFIX) -lpcre2-8 $(STATIC_SUFFIX) 2>/dev/null && rm testpcre testpcre.o && echo true||echo false)
ifeq ($(PCRE_CHECK), true)
CFLAGS += -DWITH_PCRE
@ -68,7 +76,11 @@ ifeq ($(PAM_CHECK), true)
PLUGINS += PamAuth
endif
BUNDLED_HASH_OBJS = md4$(OBJSUFFICS) md5$(OBJSUFFICS)
ifeq ($(WOLFSSL_CHECK), true)
BUNDLED_HASH_OBJS =
else
BUNDLED_HASH_OBJS = md4$(OBJSUFFICS) md5$(OBJSUFFICS) blake2$(OBJSUFFICS)
endif
include Makefile.inc
DESTDIR ?=

View File

@ -42,6 +42,15 @@ ifeq ($(LIBSTATIC), true)
STATIC_SUFFIX = -Wl,-Bdynamic
ZLIB = -lz
endif
WOLFSSL_CHECK = $(shell echo "\#include <wolfssl/options.h>\\n\#include <wolfssl/openssl/ssl.h>\\n int main(){return 0;}" | tr -d '\\\\' | $(CC) -x c $(CFLAGS) $(LDFLAGS) $(STATIC_PREFIX) -lwolfssl $(STATIC_SUFFIX) -o testwssl - 2>/dev/null && rm testwssl && echo true||echo false)
ifeq ($(WOLFSSL_CHECK), true)
LIBS += $(STATIC_PREFIX) -lwolfssl $(STATIC_SUFFIX) -lws2_32
CFLAGS += -DWITH_SSL -DWITH_WOLFSSL
SSL_OBJS = ssllib$(OBJSUFFICS) ssl$(OBJSUFFICS)
ZLIB :=
BUNDLED_HASH_OBJS =
else
BUNDLED_HASH_OBJS = blake2$(OBJSUFFICS)
OPENSSL_CHECK = $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d '\\\\' | $(CC) -x c $(CFLAGS) $(LDFLAGS) $(STATIC_PREFIX) $(ZLIB) -l crypto -l ssl $(STATIC_SUFFIX) -o testssl - 2>/dev/null && rm testssl && echo true||echo false)
ifeq ($(OPENSSL_CHECK), true)
LIBS += $(STATIC_PREFIX) $(ZLIB) -l crypto -l ssl $(STATIC_SUFFIX) -lcrypt32
@ -50,6 +59,7 @@ ifeq ($(OPENSSL_CHECK), true)
else
ZLIB :=
endif
endif
PAM_CHECK = $(shell echo "\#include <security/pam_appl.h>\\n int main(){return 0;}" | tr -d '\\\\' | $(CC) -x c $(CFLAGS) $(LDFLAGS) -l pam -o testpam - 2>/dev/null && rm testpam && echo true||echo false)
ifeq ($(PAM_CHECK), true)
PLUGINS += PamAuth

View File

@ -5,7 +5,6 @@
please read License Agreement
*/
#include "libs/blake2.h"
#include "mdhash.h"
#include <string.h>
@ -52,7 +51,7 @@ unsigned char * ntpwdhash (unsigned char *szHash, const unsigned char *szPasswor
}
/* Encrypt Unicode password to a 16-byte MD4 hash */
ctx = mdh_init(MDH_MD4);
ctx = mdh_init(MDH_MD4, 16);
if(!ctx) return NULL;
mdh_update(ctx, szUnicodePass, (nPasswordLen<<1));
if(!mdh_final(ctx, szUnicodePass, &len)) {
@ -89,7 +88,7 @@ unsigned char * mycrypt(const unsigned char *pw, const unsigned char *salt, unsi
sl = (int)(ep - sp);
magic = (unsigned char *)"$1$";
ctx = mdh_init(MDH_MD5);
ctx = mdh_init(MDH_MD5, 16);
if(!ctx) {
*passwd = 0;
return NULL;
@ -105,7 +104,7 @@ unsigned char * mycrypt(const unsigned char *pw, const unsigned char *salt, unsi
mdh_update(ctx, sp, (unsigned int)sl);
/* Then just as many unsigned characters of the MD5(pw,salt,pw) */
ctx1 = mdh_init(MDH_MD5);
ctx1 = mdh_init(MDH_MD5, 16);
if(!ctx1) {
mdh_free(ctx);
*passwd = 0;
@ -139,7 +138,7 @@ unsigned char * mycrypt(const unsigned char *pw, const unsigned char *salt, unsi
*/
for(i=0;i<1000;i++) {
mdh_free(ctx1);
ctx1 = mdh_init(MDH_MD5);
ctx1 = mdh_init(MDH_MD5, 16);
if(!ctx1) { *passwd = 0; return NULL; }
if(i & 1)
mdh_update(ctx1, pw, (unsigned int)strlen((char *)pw));
@ -167,14 +166,17 @@ unsigned char * mycrypt(const unsigned char *pw, const unsigned char *salt, unsi
sl = (int)(ep - sp);
magic = (unsigned char *)"$3$";
{
blake2b_state S;
if(blake2b_init(&S, MD5_SIZE) != 0 ||
blake2b_update(&S, pw, strlen((char *)pw) + 1) != 0 ||
blake2b_update(&S, sp, sl) != 0 ||
blake2b_final(&S, final, MD5_SIZE) != 0) {
mdh_ctx *bctx = mdh_init(MDH_BLAKE2, MD5_SIZE);
unsigned int blen = MD5_SIZE;
if(!bctx ||
!mdh_update(bctx, pw, (unsigned int)(strlen((char *)pw) + 1)) ||
!mdh_update(bctx, sp, (unsigned int)sl) ||
!mdh_final(bctx, final, &blen)) {
mdh_free(bctx);
*passwd = 0;
return NULL;
}
mdh_free(bctx);
}
}
else {

View File

@ -164,8 +164,8 @@ md4$(OBJSUFFICS): libs/md4.c libs/md4.h
md5$(OBJSUFFICS): libs/md5.c libs/md5.h
$(CC) $(COUT)md5$(OBJSUFFICS) $(CFLAGS) libs/md5.c
$(BUILDDIR)$(CRYPT_PREFIX)crypt$(EXESUFFICS): blake2$(OBJSUFFICS) 3proxy_cryptmain$(OBJSUFFICS) base64$(OBJSUFFICS) mdhash$(OBJSUFFICS) $(BUNDLED_HASH_OBJS)
$(LN) $(LNOUT)$(BUILDDIR)$(CRYPT_PREFIX)crypt$(EXESUFFICS) $(LDFLAGS) blake2$(OBJSUFFICS) base64$(OBJSUFFICS) mdhash$(OBJSUFFICS) $(BUNDLED_HASH_OBJS) 3proxy_cryptmain$(OBJSUFFICS) $(LIBS)
$(BUILDDIR)$(CRYPT_PREFIX)crypt$(EXESUFFICS): $(BUNDLED_HASH_OBJS) 3proxy_cryptmain$(OBJSUFFICS) base64$(OBJSUFFICS) mdhash$(OBJSUFFICS)
$(LN) $(LNOUT)$(BUILDDIR)$(CRYPT_PREFIX)crypt$(EXESUFFICS) $(LDFLAGS) $(BUNDLED_HASH_OBJS) base64$(OBJSUFFICS) mdhash$(OBJSUFFICS) 3proxy_cryptmain$(OBJSUFFICS) $(LIBS)
stringtable$(OBJSUFFICS): stringtable.c
$(CC) $(COUT)stringtable$(OBJSUFFICS) $(CFLAGS) stringtable.c
@ -179,6 +179,6 @@ ssl$(OBJSUFFICS): ssl.c structures.h proxy.h ssl.h
pcre$(OBJSUFFICS): pcre.c structures.h
$(CC) $(COUT)pcre$(OBJSUFFICS) $(CFLAGS) $(DEFINEOPTION)WITH_PCRE pcre.c
$(BUILDDIR)3proxy$(EXESUFFICS): 3proxy$(OBJSUFFICS) mainfunc$(OBJSUFFICS) srvproxy$(OBJSUFFICS) srvpop3p$(OBJSUFFICS) srvsmtpp$(OBJSUFFICS) srvftppr$(OBJSUFFICS) srvsocks$(OBJSUFFICS) srvtcppm$(OBJSUFFICS) srvtlspr$(OBJSUFFICS) srvauto$(OBJSUFFICS) srvudppm$(OBJSUFFICS) sockmap$(OBJSUFFICS) udpsockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) auth$(OBJSUFFICS) acl$(OBJSUFFICS) limiter$(OBJSUFFICS) redirect$(OBJSUFFICS) authradius$(OBJSUFFICS) hash$(OBJSUFFICS) hashtables$(OBJSUFFICS) resolve$(OBJSUFFICS) sql$(OBJSUFFICS) conf$(OBJSUFFICS) log$(OBJSUFFICS) datatypes$(OBJSUFFICS) blake2$(OBJSUFFICS) 3proxy_crypt$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) stringtable$(OBJSUFFICS) srvwebadmin$(OBJSUFFICS) srvdnspr$(OBJSUFFICS) plugins$(OBJSUFFICS) mdhash$(OBJSUFFICS) $(BUNDLED_HASH_OBJS) $(SSL_OBJS) $(PCRE_OBJS) $(COMPATLIBS) $(VERSIONDEP)
$(LN) $(LNOUT)$(BUILDDIR)3proxy$(EXESUFFICS) $(LDFLAGS) $(VERFILE) 3proxy$(OBJSUFFICS) mainfunc$(OBJSUFFICS) auth$(OBJSUFFICS) acl$(OBJSUFFICS) limiter$(OBJSUFFICS) redirect$(OBJSUFFICS) authradius$(OBJSUFFICS) hash$(OBJSUFFICS) hashtables$(OBJSUFFICS) resolve$(OBJSUFFICS) sql$(OBJSUFFICS) conf$(OBJSUFFICS) datatypes$(OBJSUFFICS) srvauto$(OBJSUFFICS) srvproxy$(OBJSUFFICS) srvpop3p$(OBJSUFFICS) srvsmtpp$(OBJSUFFICS) srvftppr$(OBJSUFFICS) srvsocks$(OBJSUFFICS) srvtcppm$(OBJSUFFICS) srvtlspr$(OBJSUFFICS) srvudppm$(OBJSUFFICS) sockmap$(OBJSUFFICS) udpsockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) log$(OBJSUFFICS) 3proxy_crypt$(OBJSUFFICS) blake2$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) stringtable$(OBJSUFFICS) srvwebadmin$(OBJSUFFICS) srvdnspr$(OBJSUFFICS) plugins$(OBJSUFFICS) mdhash$(OBJSUFFICS) $(BUNDLED_HASH_OBJS) $(SSL_OBJS) $(PCRE_OBJS) $(COMPATLIBS) $(LIBS) $(PCRE_LIBS)
$(BUILDDIR)3proxy$(EXESUFFICS): 3proxy$(OBJSUFFICS) mainfunc$(OBJSUFFICS) srvproxy$(OBJSUFFICS) srvpop3p$(OBJSUFFICS) srvsmtpp$(OBJSUFFICS) srvftppr$(OBJSUFFICS) srvsocks$(OBJSUFFICS) srvtcppm$(OBJSUFFICS) srvtlspr$(OBJSUFFICS) srvauto$(OBJSUFFICS) srvudppm$(OBJSUFFICS) sockmap$(OBJSUFFICS) udpsockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) auth$(OBJSUFFICS) acl$(OBJSUFFICS) limiter$(OBJSUFFICS) redirect$(OBJSUFFICS) authradius$(OBJSUFFICS) hash$(OBJSUFFICS) hashtables$(OBJSUFFICS) resolve$(OBJSUFFICS) sql$(OBJSUFFICS) conf$(OBJSUFFICS) log$(OBJSUFFICS) datatypes$(OBJSUFFICS) $(BUNDLED_HASH_OBJS) 3proxy_crypt$(OBJSUFFICS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) stringtable$(OBJSUFFICS) srvwebadmin$(OBJSUFFICS) srvdnspr$(OBJSUFFICS) plugins$(OBJSUFFICS) mdhash$(OBJSUFFICS) $(SSL_OBJS) $(PCRE_OBJS) $(COMPATLIBS) $(VERSIONDEP)
$(LN) $(LNOUT)$(BUILDDIR)3proxy$(EXESUFFICS) $(LDFLAGS) $(VERFILE) 3proxy$(OBJSUFFICS) mainfunc$(OBJSUFFICS) auth$(OBJSUFFICS) acl$(OBJSUFFICS) limiter$(OBJSUFFICS) redirect$(OBJSUFFICS) authradius$(OBJSUFFICS) hash$(OBJSUFFICS) hashtables$(OBJSUFFICS) resolve$(OBJSUFFICS) sql$(OBJSUFFICS) conf$(OBJSUFFICS) datatypes$(OBJSUFFICS) srvauto$(OBJSUFFICS) srvproxy$(OBJSUFFICS) srvpop3p$(OBJSUFFICS) srvsmtpp$(OBJSUFFICS) srvftppr$(OBJSUFFICS) srvsocks$(OBJSUFFICS) srvtcppm$(OBJSUFFICS) srvtlspr$(OBJSUFFICS) srvudppm$(OBJSUFFICS) sockmap$(OBJSUFFICS) udpsockmap$(OBJSUFFICS) sockgetchar$(OBJSUFFICS) common$(OBJSUFFICS) log$(OBJSUFFICS) 3proxy_crypt$(OBJSUFFICS) $(BUNDLED_HASH_OBJS) base64$(OBJSUFFICS) ftp$(OBJSUFFICS) stringtable$(OBJSUFFICS) srvwebadmin$(OBJSUFFICS) srvdnspr$(OBJSUFFICS) plugins$(OBJSUFFICS) mdhash$(OBJSUFFICS) $(SSL_OBJS) $(PCRE_OBJS) $(COMPATLIBS) $(LIBS) $(PCRE_LIBS)

View File

@ -7,7 +7,7 @@
*/
#include "proxy.h"
#include "libs/blake2.h"
#include "mdhash.h"
void initbandlims(struct clientparam *param);
@ -231,13 +231,17 @@ int strongauth(struct clientparam * param){
if((unsigned)pwlen < pwl_table.recsize) {
if(!strncmp(pass + 1, (char *)param->password, pwl_table.recsize - 1)) return 0;
} else {
blake2b_state S;
mdh_ctx *bctx;
unsigned hashsz;
unsigned int blen;
hashsz = pwl_table.recsize - 1 < 64 ? pwl_table.recsize - 1 : 64;
memset(buf, 0, pwl_table.recsize - 1);
blake2b_init(&S, hashsz);
blake2b_update(&S, param->password, pwlen + 1);
blake2b_final(&S, buf, hashsz);
bctx = mdh_init(MDH_BLAKE2, hashsz);
if(!bctx) return 6;
mdh_update(bctx, param->password, pwlen + 1);
blen = hashsz;
mdh_final(bctx, buf, &blen);
mdh_free(bctx);
if(!memcmp(pass + 1, buf, pwl_table.recsize - 1)) return 0;
}
return 6;

View File

@ -188,7 +188,7 @@ char *strNcpy(char *dest, const char *src, int n)
void md5_calc(unsigned char *output, unsigned char *input,
unsigned int inlen)
{
mdh_ctx *ctx = mdh_init(MDH_MD5);
mdh_ctx *ctx = mdh_init(MDH_MD5, 16);
unsigned int len = 16;
if(!ctx) return;
mdh_update(ctx, input, inlen);

View File

@ -7,7 +7,7 @@
*/
#include "proxy.h"
#include "libs/blake2.h"
#include "mdhash.h"
#ifdef WITH_SSL
void ssl_install(void);
#endif
@ -543,13 +543,17 @@ static int h_users(int argc, unsigned char **argv){
l = strlen(pw[1]);
if(l > 255) l = 255;
if((unsigned)l >= pwl_table.recsize) {
blake2b_state S;
mdh_ctx *bctx;
unsigned hashsz;
unsigned int blen;
if(*pass != CL) continue;
hashsz = pwl_table.recsize - 1 < 64 ? pwl_table.recsize - 1 : 64;
blake2b_init(&S, hashsz);
blake2b_update(&S, pw[1], l + 1);
blake2b_final(&S, pass+1, hashsz);
bctx = mdh_init(MDH_BLAKE2, hashsz);
if(!bctx) continue;
mdh_update(bctx, pw[1], l + 1);
blen = hashsz;
mdh_final(bctx, (unsigned char *)pass+1, &blen);
mdh_free(bctx);
} else {
memcpy(pass + 1, pw[1], l);
}

View File

@ -1,18 +1,21 @@
#include "proxy.h"
#include "libs/blake2.h"
#include "mdhash.h"
static void char_index2hash(const struct hashtable *ht, void *index, uint8_t *hash){
blake2b_state S;
int len;
unsigned int blen;
len = strlen((const char*)index);
memset(hash, 0, ht->hash_size);
if(len <= ht->hash_size) memcpy(hash, index, len);
else {
blake2b_init(&S, ht->hash_size);
blake2b_update(&S, index, strlen((const char*)index) + 1);
blake2b_final(&S, hash, ht->hash_size);
mdh_ctx *bctx = mdh_init(MDH_BLAKE2, ht->hash_size);
if(!bctx) return;
mdh_update(bctx, index, (unsigned int)(strlen((const char*)index) + 1));
blen = ht->hash_size;
mdh_final(bctx, hash, &blen);
mdh_free(bctx);
}
}
@ -23,7 +26,6 @@ static void param2hash_add(const struct hashtable *ht, void *index, uint8_t *has
}
void param2hash_search(const struct hashtable *ht, void *index, uint8_t *hash){
blake2b_state S;
struct clientparam *param = (struct clientparam *)index;
unsigned type = param->srv->authcachetype;
int len = 0, oplen = 0, acllen = 0, ulen = 0, plen = 0, hlen = 0, a1len = 0, a2len = 0, a3len = 0, p1len=0, p2len = 0;
@ -55,31 +57,36 @@ void param2hash_search(const struct hashtable *ht, void *index, uint8_t *hash){
if((type & 2048)){ memcpy(hash + offset, SAPORT(&param->srv->intsa), p2len); offset += 2; }
}
else {
blake2b_init(&S, ht->hash_size);
if((type & 2) && param->username)blake2b_update(&S, param->username, ulen);
if((type & 4) && param->password)blake2b_update(&S, param->password, plen);
if((type & 1) && !(type & 8))blake2b_update(&S, SAADDR(&param->sincr), a1len);
if((type & 16))blake2b_update(&S, &param->srv->acl, acllen);
if((type & 64))blake2b_update(&S, SAADDR(&param->req), a2len);
if((type & 128))blake2b_update(&S, SAPORT(&param->req), 2);
if((type & 256) && param->hostname)blake2b_update(&S, param->hostname, hlen);
if((type & 512))blake2b_update(&S, &param->operation, sizeof(param->operation));
if((type & 1024))blake2b_update(&S, SAADDR(&param->srv->intsa), a3len);
if((type & 2048))blake2b_update(&S, SAPORT(&param->srv->intsa), 2);
blake2b_final(&S, hash, ht->hash_size);
mdh_ctx *bctx = mdh_init(MDH_BLAKE2, ht->hash_size);
unsigned int blen = ht->hash_size;
if(!bctx) { memcpy(param->hash, hash, ht->hash_size); return; }
if((type & 2) && param->username)mdh_update(bctx, param->username, ulen);
if((type & 4) && param->password)mdh_update(bctx, param->password, plen);
if((type & 1) && !(type & 8))mdh_update(bctx, SAADDR(&param->sincr), a1len);
if((type & 16))mdh_update(bctx, &param->srv->acl, acllen);
if((type & 64))mdh_update(bctx, SAADDR(&param->req), a2len);
if((type & 128))mdh_update(bctx, SAPORT(&param->req), 2);
if((type & 256) && param->hostname)mdh_update(bctx, param->hostname, hlen);
if((type & 512))mdh_update(bctx, &param->operation, sizeof(param->operation));
if((type & 1024))mdh_update(bctx, SAADDR(&param->srv->intsa), a3len);
if((type & 2048))mdh_update(bctx, SAPORT(&param->srv->intsa), 2);
mdh_final(bctx, hash, &blen);
mdh_free(bctx);
}
memcpy(param->hash, hash, ht->hash_size);
}
static void udpparam2hash(const struct hashtable *ht, void *index, uint8_t *hash){
struct clientparam *param = (struct clientparam *)index;
blake2b_state S;
blake2b_init(&S, ht->hash_size);
blake2b_update(&S, SAADDR(&param->srv->intsa), SAADDRLEN(&param->srv->intsa));
blake2b_update(&S, SAPORT(&param->srv->intsa), 2);
blake2b_update(&S, SAADDR(&param->sincr), SAADDRLEN(&param->sincr));
blake2b_update(&S, SAPORT(&param->sincr), 2);
blake2b_final(&S, hash, ht->hash_size);
mdh_ctx *bctx = mdh_init(MDH_BLAKE2, ht->hash_size);
unsigned int blen = ht->hash_size;
if(!bctx) return;
mdh_update(bctx, SAADDR(&param->srv->intsa), SAADDRLEN(&param->srv->intsa));
mdh_update(bctx, SAPORT(&param->srv->intsa), 2);
mdh_update(bctx, SAADDR(&param->sincr), SAADDRLEN(&param->sincr));
mdh_update(bctx, SAPORT(&param->sincr), 2);
mdh_final(bctx, hash, &blen);
mdh_free(bctx);
}
struct hashtable dns_table = {char_index2hash, char_index2hash, 4, 32};

View File

@ -26,6 +26,11 @@
#ifndef _MD4_H
#define _MD4_H
#ifdef WITH_WOLFSSL
#include <wolfssl/options.h>
#include <wolfssl/openssl/md4.h>
#else
#include <stddef.h> /* for size_t */
/* Any 32-bit or wider unsigned integer data type will do */
@ -44,4 +49,6 @@ extern void MD4_Init(MD4_CTX *ctx);
extern void MD4_Update(MD4_CTX *ctx, const void *data, size_t size);
extern void MD4_Final(unsigned char *result, MD4_CTX *ctx);
#endif /* !WITH_WOLFSSL */
#endif

View File

@ -26,6 +26,11 @@
#ifndef _MD5_H
#define _MD5_H
#ifdef WITH_WOLFSSL
#include <wolfssl/options.h>
#include <wolfssl/openssl/md5.h>
#else
/* Any 32-bit or wider unsigned integer data type will do */
typedef unsigned int MD5_u32plus;
@ -40,4 +45,6 @@ extern void MD5_Init(MD5_CTX *ctx);
extern void MD5_Update(MD5_CTX *ctx, const void *data, unsigned long size);
extern void MD5_Final(unsigned char *result, MD5_CTX *ctx);
#endif /* !WITH_WOLFSSL */
#endif

View File

@ -4,129 +4,202 @@
please read License Agreement
MD4/MD5 hash implementation.
- Windows: CryptoAPI (CAPI). Supports both CALG_MD4 and CALG_MD5.
- Other platforms: bundled public-domain MD4/MD5 (Solar Designer, 2001).
MD4/MD5/BLAKE2 hash implementation.
- Windows (no wolfSSL): CryptoAPI (CAPI) for MD4/MD5; bundled BLAKE2.
- wolfSSL: wolfCrypt for MD4/MD5 (OpenSSL compat) and BLAKE2 (native wc_*).
- Other: bundled public-domain MD4/MD5 + bundled BLAKE2 reference.
*/
#include "mdhash.h"
#include <stdlib.h>
#include <string.h>
#ifdef _WIN32
/* ----- BLAKE2 backend selection ----- */
#ifdef WITH_WOLFSSL
#include <wolfssl/options.h>
#include <wolfssl/wolfcrypt/blake2.h>
#define MDH_BLAKE2_BACKEND_WOLFSSL
#else
#include "libs/blake2.h"
#endif
/* ----- MD4/MD5 backend selection ----- */
#if defined(_WIN32) && !defined(WITH_WOLFSSL)
#define MDH_MD_BACKEND_CAPI
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <wincrypt.h>
#else
#include "libs/md4.h"
#include "libs/md5.h"
#endif
struct mdh_ctx {
mdh_alg alg;
unsigned int outlen;
#ifdef MDH_MD_BACKEND_CAPI
HCRYPTPROV hProv;
HCRYPTHASH hHash;
#else
union {
MD4_CTX md4;
MD5_CTX md5;
} u;
#endif
#ifdef MDH_BLAKE2_BACKEND_WOLFSSL
Blake2b blake2;
#else
blake2b_state blake2;
#endif
};
mdh_ctx *mdh_init(mdh_alg alg)
mdh_ctx *mdh_init(mdh_alg alg, unsigned int outlen)
{
mdh_ctx *c;
ALG_ID alg_id;
c = (mdh_ctx *)malloc(sizeof(mdh_ctx));
mdh_ctx *c = (mdh_ctx *)malloc(sizeof(mdh_ctx));
if(!c) return NULL;
c->hProv = 0;
c->hHash = 0;
memset(c, 0, sizeof(*c));
c->alg = alg;
c->outlen = outlen;
switch(alg) {
case MDH_MD4:
#ifdef MDH_MD_BACKEND_CAPI
if(!CryptAcquireContext(&c->hProv, NULL, NULL, PROV_RSA_FULL,
CRYPT_VERIFYCONTEXT)) {
free(c);
return NULL;
}
alg_id = (alg == MDH_MD4) ? CALG_MD4 : CALG_MD5;
if(!CryptCreateHash(c->hProv, alg_id, 0, 0, &c->hHash)) {
if(!CryptCreateHash(c->hProv, CALG_MD4, 0, 0, &c->hHash)) {
CryptReleaseContext(c->hProv, 0);
free(c);
return NULL;
}
return c;
}
int mdh_update(mdh_ctx *c, const void *data, unsigned int len)
{
if(!c || !c->hHash) return 0;
if(len == 0) return 1;
return CryptHashData(c->hHash, (BYTE *)data, len, 0) ? 1 : 0;
}
int mdh_final(mdh_ctx *c, unsigned char *out, unsigned int *outlen)
{
DWORD l;
BOOL ok;
if(!c || !c->hHash || !outlen) return 0;
l = (DWORD)*outlen;
ok = CryptGetHashParam(c->hHash, HP_HASHVAL, out, &l, 0);
if(!ok) return 0;
*outlen = (unsigned int)l;
return 1;
}
void mdh_free(mdh_ctx *c)
{
if(!c) return;
if(c->hHash) CryptDestroyHash(c->hHash);
if(c->hProv) CryptReleaseContext(c->hProv, 0);
free(c);
}
#else /* !_WIN32 */
#include "libs/md4.h"
#include "libs/md5.h"
#include <string.h>
struct mdh_ctx {
int alg; /* MDH_MD4 or MDH_MD5 */
union {
MD4_CTX md4;
MD5_CTX md5;
} u;
};
mdh_ctx *mdh_init(mdh_alg alg)
{
mdh_ctx *c = (mdh_ctx *)malloc(sizeof(mdh_ctx));
if(!c) return NULL;
c->alg = alg;
if(alg == MDH_MD4)
#else
MD4_Init(&c->u.md4);
else
#endif
break;
case MDH_MD5:
#ifdef MDH_MD_BACKEND_CAPI
if(!CryptAcquireContext(&c->hProv, NULL, NULL, PROV_RSA_FULL,
CRYPT_VERIFYCONTEXT)) {
free(c);
return NULL;
}
if(!CryptCreateHash(c->hProv, CALG_MD5, 0, 0, &c->hHash)) {
CryptReleaseContext(c->hProv, 0);
free(c);
return NULL;
}
#else
MD5_Init(&c->u.md5);
#endif
break;
case MDH_BLAKE2:
if(!outlen || outlen > 64) {
free(c);
return NULL;
}
#ifdef MDH_BLAKE2_BACKEND_WOLFSSL
if(wc_InitBlake2b(&c->blake2, outlen) != 0) {
free(c);
return NULL;
}
#else
if(blake2b_init(&c->blake2, outlen) != 0) {
free(c);
return NULL;
}
#endif
break;
default:
free(c);
return NULL;
}
return c;
}
int mdh_update(mdh_ctx *c, const void *data, unsigned int len)
{
if(!c) return 0;
if(c->alg == MDH_MD4)
if(len == 0) return 1;
switch(c->alg) {
case MDH_MD4:
#ifdef MDH_MD_BACKEND_CAPI
return CryptHashData(c->hHash, (BYTE *)data, len, 0) ? 1 : 0;
#else
MD4_Update(&c->u.md4, data, (size_t)len);
else
return 1;
#endif
case MDH_MD5:
#ifdef MDH_MD_BACKEND_CAPI
return CryptHashData(c->hHash, (BYTE *)data, len, 0) ? 1 : 0;
#else
MD5_Update(&c->u.md5, data, (unsigned long)len);
return 1;
#endif
case MDH_BLAKE2:
#ifdef MDH_BLAKE2_BACKEND_WOLFSSL
return wc_Blake2bUpdate(&c->blake2, (const byte *)data, len) == 0;
#else
return blake2b_update(&c->blake2, data, len) == 0;
#endif
}
return 0;
}
int mdh_final(mdh_ctx *c, unsigned char *out, unsigned int *outlen)
{
if(!c || !outlen) return 0;
if(c->alg == MDH_MD4)
switch(c->alg) {
case MDH_MD4:
#ifdef MDH_MD_BACKEND_CAPI
{
DWORD l = (DWORD)*outlen;
if(!CryptGetHashParam(c->hHash, HP_HASHVAL, out, &l, 0))
return 0;
*outlen = (unsigned int)l;
return 1;
}
#else
MD4_Final(out, &c->u.md4);
else
*outlen = 16;
return 1;
#endif
case MDH_MD5:
#ifdef MDH_MD_BACKEND_CAPI
{
DWORD l = (DWORD)*outlen;
if(!CryptGetHashParam(c->hHash, HP_HASHVAL, out, &l, 0))
return 0;
*outlen = (unsigned int)l;
return 1;
}
#else
MD5_Final(out, &c->u.md5);
*outlen = 16;
return 1;
#endif
case MDH_BLAKE2:
if(*outlen < c->outlen) return 0;
#ifdef MDH_BLAKE2_BACKEND_WOLFSSL
if(wc_Blake2bFinal(&c->blake2, out, c->outlen) != 0)
return 0;
#else
if(blake2b_final(&c->blake2, out, c->outlen) != 0)
return 0;
#endif
*outlen = c->outlen;
return 1;
}
return 0;
}
void mdh_free(mdh_ctx *c)
{
if(!c) return;
#ifdef MDH_MD_BACKEND_CAPI
if(c->hHash) CryptDestroyHash(c->hHash);
if(c->hProv) CryptReleaseContext(c->hProv, 0);
#endif
memset(c, 0, sizeof(*c));
free(c);
}
#endif /* _WIN32 */

View File

@ -4,19 +4,23 @@
please read License Agreement
Internal MD4/MD5 hash abstraction.
- Windows: CryptoAPI (CAPI) backed, no OpenSSL dependency for these hashes.
- Other platforms: OpenSSL EVP backed (requires WITH_SSL).
Internal MD4/MD5/BLAKE2 hash abstraction.
- Windows (no wolfSSL): CryptoAPI (CAPI) for MD4/MD5; bundled BLAKE2.
- wolfSSL: wolfCrypt for MD4/MD5 (OpenSSL compat) and BLAKE2 (native).
- Other: bundled public-domain MD4/MD5 + bundled BLAKE2 reference.
*/
#ifndef _MDHASH_H
#define _MDHASH_H
typedef enum { MDH_MD4, MDH_MD5 } mdh_alg;
typedef enum { MDH_MD4, MDH_MD5, MDH_BLAKE2 } mdh_alg;
typedef struct mdh_ctx mdh_ctx;
/* Returns NULL on failure. */
mdh_ctx *mdh_init(mdh_alg alg);
/* alg selects the hash. outlen selects digest size:
- MD4/MD5: outlen ignored (fixed 16 bytes).
- BLAKE2: outlen is the requested digest length (1..64).
Returns NULL on failure. */
mdh_ctx *mdh_init(mdh_alg alg, unsigned int outlen);
/* Returns 1 on success, 0 on failure. */
int mdh_update(mdh_ctx *c, const void *data, unsigned int len);

View File

@ -6,11 +6,20 @@
*/
#include "structures.h"
#ifdef WITH_WOLFSSL
#include <wolfssl/options.h>
#include <wolfssl/openssl/crypto.h>
#include <wolfssl/openssl/x509.h>
#include <wolfssl/openssl/pem.h>
#include <wolfssl/openssl/ssl.h>
#include <wolfssl/openssl/err.h>
#else
#include <openssl/crypto.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#endif
#include "proxy.h"
#include "ssl.h"
@ -487,7 +496,7 @@ SSL_CTX * ssl_cli_ctx(SSL_CONFIG *config, X509 *server_cert, EVP_PKEY *server_ke
int err = 0;
#if OPENSSL_VERSION_NUMBER < 0x10100000L
#if !defined(WITH_WOLFSSL) && OPENSSL_VERSION_NUMBER < 0x10100000L
ctx = SSL_CTX_new(SSLv23_server_method());
#else
ctx = SSL_CTX_new(TLS_server_method());
@ -517,14 +526,17 @@ SSL_CTX * ssl_cli_ctx(SSL_CONFIG *config, X509 *server_cert, EVP_PKEY *server_ke
if(config->server_min_proto_version)SSL_CTX_set_min_proto_version(ctx, config->server_min_proto_version);
if(config->server_max_proto_version)SSL_CTX_set_max_proto_version(ctx, config->server_max_proto_version);
if(config->server_cipher_list)SSL_CTX_set_cipher_list(ctx, config->server_cipher_list);
#if OPENSSL_VERSION_NUMBER >= 0x10101000L
#if !defined(WITH_WOLFSSL) && OPENSSL_VERSION_NUMBER >= 0x10101000L
if(config->server_ciphersuites)SSL_CTX_set_ciphersuites(ctx, config->server_ciphersuites);
#elif defined(WITH_WOLFSSL)
/* wolfSSL has no separate TLS1.3 ciphersuites API; route to cipher list. */
if(config->server_ciphersuites)wolfSSL_CTX_set_cipher_list(ctx, config->server_ciphersuites);
#endif
if(config->server_verify){
if(config->server_ca_file || config->server_ca_dir){
SSL_CTX_load_verify_locations(ctx, config->server_ca_file, config->server_ca_dir);
}
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
#if !defined(WITH_WOLFSSL) && OPENSSL_VERSION_NUMBER >= 0x30000000L
else if(config->server_ca_store){
SSL_CTX_load_verify_store(ctx, config->server_ca_store);
}
@ -655,7 +667,7 @@ static void* ssl_filter_open(void * idata, struct srvparam * srv){
srv->so._poll = ssl_poll;
}
if(sc && (sc->mitm || sc->cli)){
#if OPENSSL_VERSION_NUMBER < 0x10100000L
#if !defined(WITH_WOLFSSL) && OPENSSL_VERSION_NUMBER < 0x10100000L
sc->srv_ctx = SSL_CTX_new(SSLv23_client_method());
#else
sc->srv_ctx = SSL_CTX_new(TLS_client_method());
@ -671,17 +683,20 @@ static void* ssl_filter_open(void * idata, struct srvparam * srv){
if(sc->client_min_proto_version)SSL_CTX_set_min_proto_version(sc->srv_ctx, sc->client_min_proto_version);
if(sc->client_max_proto_version)SSL_CTX_set_max_proto_version(sc->srv_ctx, sc->client_max_proto_version);
if(sc->client_cipher_list)SSL_CTX_set_cipher_list(sc->srv_ctx, sc->client_cipher_list);
#if OPENSSL_VERSION_NUMBER >= 0x10101000L
#if !defined(WITH_WOLFSSL) && OPENSSL_VERSION_NUMBER >= 0x10101000L
if(sc->client_ciphersuites)SSL_CTX_set_ciphersuites(sc->srv_ctx, sc->client_ciphersuites);
#elif defined(WITH_WOLFSSL)
/* wolfSSL has no separate TLS1.3 ciphersuites API; route to cipher list. */
if(sc->client_ciphersuites)wolfSSL_CTX_set_cipher_list(sc->srv_ctx, sc->client_ciphersuites);
#endif
#if OPENSSL_VERSION_NUMBER >= 0x10200000L
#if (defined(WITH_WOLFSSL) && defined(HAVE_ALPN) && LIBWOLFSSL_VERSION_HEX >= 0x03007000) || (!defined(WITH_WOLFSSL) && OPENSSL_VERSION_NUMBER >= 0x10200000L)
if(sc->client_alpn_protos.protos_len)SSL_CTX_set_alpn_protos(sc->srv_ctx, sc->client_alpn_protos.protos, sc->client_alpn_protos.protos_len);
#endif
if(sc->client_verify){
if(sc->client_ca_file || sc->client_ca_dir){
SSL_CTX_load_verify_locations(sc->srv_ctx, sc->client_ca_file, sc->client_ca_dir);
}
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
#if !defined(WITH_WOLFSSL) && OPENSSL_VERSION_NUMBER >= 0x30000000L
else if(sc->client_ca_store){
SSL_CTX_load_verify_store(sc->srv_ctx, sc->client_ca_store);
}

View File

@ -14,12 +14,22 @@
#include <sys/file.h>
#endif
#ifdef WITH_WOLFSSL
#include <wolfssl/options.h>
#include <wolfssl/openssl/crypto.h>
#include <wolfssl/openssl/x509.h>
#include <wolfssl/openssl/x509v3.h>
#include <wolfssl/openssl/pem.h>
#include <wolfssl/openssl/ssl.h>
#include <wolfssl/openssl/err.h>
#else
#include <openssl/crypto.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#endif
#include "proxy.h"
#include "ssl.h"
@ -103,7 +113,6 @@ SSL_CERT ssl_copy_cert(SSL_CERT cert, SSL_CONFIG *config)
X509 *dst_cert = NULL;
EVP_PKEY *pk = NULL;
RSA *rsa = NULL;
unsigned char hash_sha256[32];
char hash_name_sha256[(16*2) + 1];